Syslog configuration? (4896 Views)
Reply
Valued Contributor
RicN
Posts: 178
Registered: ‎08-13-2008
Message 1 of 6 (4,896 Views)

Syslog configuration?


Hello,

when configuration a syslog destination server (logging 123.123.123.123), is that "enough" configuration?

I have seen that you can change the facility settings and some other stuff, but do I need to do that? (I am unsure what is default?)
Please use plain text.
Honored Contributor
cenk sasmaztin
Posts: 1,435
Registered: ‎04-02-2008
Message 2 of 6 (4,896 Views)

Re: Syslog configuration?

yes Rich
this command enough

whit logging command all system log data transfer to system log server

(you must be set up system log serveron network)

for example free system log server
tftpd32
cenk

Please use plain text.
Valued Contributor
RicN
Posts: 178
Registered: ‎08-13-2008
Message 3 of 6 (4,896 Views)

Re: Syslog configuration?


Thank you Cenk for your reply!

I have a syslog server, but was not sure if everything was forwarded to it.

When could I need to use the facility command to change this?
Please use plain text.
Honored Contributor
cenk sasmaztin
Posts: 1,435
Registered: ‎04-02-2008
Message 4 of 6 (4,896 Views)

Re: Syslog configuration?

hi Ricn

you can see all switch logs same page

all network switch send logging information same system log server very useful feature
cenk

Please use plain text.
Honored Contributor
cenk sasmaztin
Posts: 1,435
Registered: ‎04-02-2008
Message 5 of 6 (4,896 Views)

Re: Syslog configuration?

hi Ricn
logging facility for multiple system system log server

Configuring the Switch To Send Debug Messages to One or More SyslogD Servers
Use the logging command to configure the switch to send Syslog messages to a SyslogD server, or to remove a SyslogD server from the switch configuration.
Syntax: [no] logging < syslog-ip-address | facility < facility-name >>
< syslog-ip-address >
If there are no SyslogD servers configured, logging enters a SyslogD server IP address and automatically enables Syslog logging to the server. If at least one SyslogD server is already configured and Syslog logging has been disabled, you can still use logging < syslog-ipaddr
> to add another SyslogD server, but Syslog logging remains disabled until you re-enable it with the debug destination logging command. While Syslog logging is enabled, the switch attempts to send Syslog messages to all configured SyslogD server addresses, and operates regardless of whether session logging is also enabled. To configure multiple SyslogD servers, repeat the command
once for each server IP address. (Default: none; Range: Up to six IP addresses)
facility < facility-name >
Specifies the destination subsystem the SyslogD server(s) must use. (All SyslogD servers must use the same subsystem.) ProCurve recommends the default (user) subsystem unless your application specifically requires another subsystem. Options include:
user (the default) - Various user-level messages kern - Kernel messages mail - Mail system daemon - system daemons auth - security/authorization messages syslog - messages generated internally by Syslog lpr -line printer subsystem news - netnews subsystem uucp - uucp subsystem cron - cron/at subsystem sys9 - cron/at subsystem sys10 through sys14 - Reserved for system use local0 through local7 - Reserved for system use
C-27
Troubleshooting
Using Logging To Identify Problem Sources
For example, on a switch where there are no SyslogD servers configured, you would do the following to configure SyslogD servers 18.120.38.155 and
18.120.43.125 and automatically enable Syslog logging (with user as the default logging facility):
ProCurve(config)# logging 18.120.38.155ProCurve(config)# logging 18.120.43.125ProCurve(config)# write memProCurve(config)# show config
logging < syslog-ip-addr > configures the Syslog
Startup configuration:
server(s) to use and enables Syslog debug
logging. (In this case, ; J9085A Configuration Editor; Created on release #R.11.XX Syslog is automatically enabled because debug hostname "ProCurve Switch 2610-24" The configured Syslog server destination logging has ip default-gateway 10.0.8.1
IP addresses appear in the not been previously logging 18.20.38.155
switchâ s configuration file. disabled with other Syslog logging 18.129.43.125
servers already snmp-server community "public" Unrestricted
configured in the switch.
vlan 1
(Refer to the Syntax box
name "DEFAULT_VLAN"
under â Configuring the Switch To Send Debug untagged 1-28
Messages to One or More ip address dhcp-bootp SyslogD Serversâ on page exit C-27.)
ProCurve(config)# show debug This command shows that
Syslog logging is enabled for Debug Logging the listed IP addresses.
Destination:
Logging -
-
18.120.38.155 Default Logging Facility
18.120.43.125 Facility = user
Enabled debug types: event
Figure C-9. Example of Configuring and Enabling Syslog Logging
To use a non-default logging facility, such as lpr, in the same operation as in figure C-9, you would use this command set:
ProCurve(config)# logging 18.120.38.155
ProCurve(config)# logging 18.120.43.125
ProCurve(config)# logging facility lpr













Specify the syslog facility value that will be used for all syslog servers. Syslog facility determines

where syslog servers should log the syslog message.
Supported Values:
â ¢ kern
â ¢ user
â ¢ mail
â ¢ daemon
â ¢ auth
â ¢ syslog
â ¢ lpr
â ¢ news
â ¢ uucp
â ¢ sys9
â ¢ sys10
â ¢ sys11
â ¢ sys12
â ¢ sys13
â ¢ sys14

â ¢ cron
â ¢ local0
â ¢ local1
â ¢ local2
â ¢ local3
â ¢ local4
â ¢ local5
â ¢ local6
â ¢ local7
cenk

Please use plain text.
Honored Contributor
André Beck
Posts: 515
Registered: ‎06-23-2005
Message 6 of 6 (4,896 Views)

Re: Syslog configuration?

RicN,

> When could I need to use the facility
> command to change this?

You might want different devices log to different files, so the messages don't mix or so that more relevant boxes log into other files than less relevant boxes. Something like e.g.

local2.debug /var/log/core.log
local3.debug /var/log/access.log
local4.debug /var/log/wireless.log

You might also have other things already log to what ProCurve uses as the default facility, so to not mix with existing logs, you might want to change the facility just for this reason.

HTH,
Andre.
Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation